systems/eldiron/websites/db/default.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3     cfg = config.myServices.websites.tools.db;
   4 in {
   5   options.myServices.websites.tools.db = {
   6     enable = lib.mkEnableOption "enable database's website";
   7   };
   8
   9   config = lib.mkIf cfg.enable {
  10     services.websites.env.tools.modules = [ "proxy_fcgi" ];
  11     security.acme.certs.eldiron.extraDomainNames = [ "db-1.immae.eu" ];
  12     services.websites.env.tools.vhostConfs.db-1 = {
  13       certName    = "eldiron";
  14       hosts       = ["db-1.immae.eu" ];
  15       root        = null;
  16       extraConfig = [ ''
  17         Alias /adminer ${pkgs.webapps-adminer}
  18         <Directory ${pkgs.webapps-adminer}>
  19           DirectoryIndex index.php
  20           <FilesMatch "\.php$">
  21             SetHandler "proxy:unix:${config.services.phpfpm.pools.adminer.socket}|fcgi://localhost"
  22           </FilesMatch>
  23
  24           Use LDAPConnect
  25           Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
  26           Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
  27         </Directory>
  28         ''
  29       ];
  30     };
  31   };
  32 }